I have seen people promoted to Information Security Officer who did not know the first thing about IT or programming, let alone hacking or things like APTs, server security or the top ten list of exploits.
I believe he was promoted because they wanted him away from his previous job, managing a software development department.
I believe he was promoted because they wanted him away from his previous job, managing a software development department.